I'm looking to create a secure wrapper for a public class with public static methods, so let's say the class is very simply:
    public class MyClass
    {
        public static int Add(int first, int second)
        {
            return first + second;
        }
    }
I want to have a client needing to access this via some secure other class that will call MyClass. At the end of the day I'm expecting to have all this code in a single dll for clients to use. The intention is to have some behaviour like:
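    using System.Collections.Generic;
    using System.Security;

    public class SecureMyClassWrapper
    {
        // Set once in the constructor; gates every call into MyClass.
        bool _isUnlocked;

        // Ids that are allowed to unlock the wrapper.
        private static readonly List<string> validIds = new List<string>() { "only me", "and them" };

        public SecureMyClassWrapper(string id)
        {
            if (validIds.Contains(id))
            {
                _isUnlocked = true;
            }
            else
            {
                _isUnlocked = false;
            }
        }

        public int Add(int first, int second)
        {
            if (_isUnlocked)
            {
                return MyClass.Add(first, second);
            }
            else
            {
                // throw security exception etc.
                throw new SecurityException("Invalid id.");
            }
        }
    }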
There's a fair possibility that someone with more hacking ability than me is going to want to get at my static methods, so please can somebody suggest why this might be a bad approach or what I should be concerned about here? Some ideas would be that:
- MyClass methods can easily be called through reflection
- somebody could ildasm.exe code, change the list of validIds or _isUnlocked logic (or even their values at runtime?)
- possible to read a valid ID and then use it as their own
How could I guard against reflection or decompilation in these cases? Is there a standard approach for this you would recommend, e.g. Code Access Security?
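The reflection and runtime-value concerns listed in the question can be confirmed against the posted classes with a short check, added here as an example and not part of the original post. `GateCheck` is a hypothetical name, and the `throw` in the wrapper's `Add` stands in for the post's placeholder comment.

```csharp
using System;
using System.Collections.Generic;
using System.Reflection;
using System.Security;

public class MyClass
{
    public static int Add(int first, int second) { return first + second; }
}

public class SecureMyClassWrapper
{
    bool _isUnlocked;
    private static readonly List<string> validIds = new List<string>() { "only me", "and them" };

    public SecureMyClassWrapper(string id) { _isUnlocked = validIds.Contains(id); }

    public int Add(int first, int second)
    {
        if (!_isUnlocked) throw new SecurityException("Invalid id.");
        return MyClass.Add(first, second);
    }
}

// Hypothetical check harness: shows what any code loaded in the same process can reach.
public static class GateCheck
{
    public static void Main()
    {
        const BindingFlags any = BindingFlags.Public | BindingFlags.NonPublic
                               | BindingFlags.Static | BindingFlags.Instance;

        // 1. The wrapped method is reachable without the wrapper.
        //    The same lookup succeeds if MyClass or Add is made non-public.
        MethodInfo add = typeof(MyClass).GetMethod("Add", any);
        Console.WriteLine("Direct call: " + add.Invoke(null, new object[] { 2, 3 }));

        // 2. The private id list is ordinary data in the assembly and in memory.
        var ids = (List<string>)typeof(SecureMyClassWrapper).GetField("validIds", any).GetValue(null);
        Console.WriteLine("Readable ids: " + string.Join(", ", ids));

        // 3. The private flag on a wrapper built with a wrong id can be set afterwards.
        var locked = new SecureMyClassWrapper("not a valid id");
        typeof(SecureMyClassWrapper).GetField("_isUnlocked", any).SetValue(locked, true);
        Console.WriteLine("Call through the wrapper: " + locked.Add(2, 3));
    }
}
```

All three steps succeed with no valid id, which shows that the check inside `SecureMyClassWrapper` is an API convention rather than a security boundary when the code ships in a DLL that clients load.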